[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Filter to AND with uid=%s



>It's somewhat worrying that nss_ldap is returning the user's password as part
>of the passwd struct.  This suggests to me that there is at least a possible
>insecurity with nss_ldap: what happens if a non-privileged user calls
>getpwnam() for some other user's account (or root's!) that's stored in LDAP?
>Perhaps the authors of nss_ldap had a reason for allowing the password to be
>returned, but I can't imagine what that would be.

See RFC 2307. If you don't want to return the password,
configure ACLs on your LDAP server appropriately.


-- Luke

--
Luke Howard | Darwin Developer | PADL Software Pty Ltd
www.padl.com | lukeh@darwin.apple.com | lukeh@padl.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []